# CVE-2023-49453
## Product detail
A reflected Cross-Site Scripting (XSS) vulnerability in RackTables versions <= 0.22.0, located in the 'search' component at '/index.php?page=search', allows an attacker to capture a victim's cookies, because the search term is reflected into the page without output encoding.
## Prerequisite
Install RackTables from the official RackTables GitHub repository.
GitHub page
![](https://nitipoom-jar.github.io/CVE-2023-49453/1.png)
Racktables repository
![](https://nitipoom-jar.github.io/CVE-2023-49453/2.png)
The latest RackTables version is 0.22.0
![](https://nitipoom-jar.github.io/CVE-2023-49453/3.png)
Installed RackTables version 0.22.0
## Exploitation
1. Submit a search containing an XSS payload that reads the cookie; this works because the session cookie is set without the HttpOnly flag.
![](https://nitipoom-jar.github.io/CVE-2023-49453/4.png)
The victim's session cookie is obtained.
![](https://nitipoom-jar.github.io/CVE-2023-49453/5.png)
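The two weaknesses this write-up chains (search term reflected unencoded, session cookie without HttpOnly) are both easy to verify from a single HTTP response, so a defender can turn them into a regression test after patching. The script below is an added example and is not code from the advisory or from RackTables. It uses a benign canary string instead of a script payload, assumes the session cookie is PHP's default `PHPSESSID` (the advisory does not name it), and the two sample responses are constructed for the example, not captured from a real instance.

```python
"""
Regression check for a CVE-2023-49453-style finding: given the Set-Cookie
headers and body a server returned for a search request, report whether the
search term came back unencoded and whether the session cookie is missing the
HttpOnly flag.  A benign canary string (not a script payload) is used, so the
check is safe to run as a test against an instance you operate.

Assumptions (not taken from the advisory): the session cookie is PHP's default
"PHPSESSID", and the search term is echoed in an HTML text context.  Both
sample responses below are constructed for this example.
"""
import html

# Canary containing the characters that must be encoded in an HTML text or
# attribute context; seeing it verbatim in the body proves output encoding is
# missing for the search term.
CANARY = 'cve49453<"x"&canary'


def reflects_unescaped(body: str, term: str = CANARY) -> bool:
    """True when the raw term is in the body verbatim, i.e. not HTML-encoded."""
    return term in body


def cookie_attributes(set_cookie: str) -> tuple[str, dict[str, str]]:
    """Split one Set-Cookie header into (cookie name, {attribute: value}).
    Flag attributes such as HttpOnly map to an empty string."""
    parts = [p.strip() for p in set_cookie.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs: dict[str, str] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def session_cookie_flags(set_cookie_headers: list[str],
                         name: str = "PHPSESSID") -> dict[str, bool]:
    """Report HttpOnly / Secure / SameSite presence for the named cookie.
    An empty dict means no Set-Cookie header for that name was seen."""
    for header in set_cookie_headers:
        cookie_name, attrs = cookie_attributes(header)
        if cookie_name == name:
            return {
                "httponly": "httponly" in attrs,
                "secure": "secure" in attrs,
                "samesite": attrs.get("samesite", "").lower() in ("lax", "strict"),
            }
    return {}


def assess(set_cookie_headers: list[str], body: str,
           name: str = "PHPSESSID") -> list[str]:
    """Return the list of findings; an empty list means neither weakness is present."""
    findings = []
    if reflects_unescaped(body):
        findings.append("search term reflected without HTML encoding")
    flags = session_cookie_flags(set_cookie_headers, name)
    if not flags:
        findings.append(f"no Set-Cookie for {name} observed (cannot judge flags)")
    elif not flags["httponly"]:
        findings.append(f"{name} cookie lacks HttpOnly")
    return findings


# Constructed sample 1: term echoed verbatim, cookie without HttpOnly.
VULNERABLE_HEADERS = ["PHPSESSID=constructed-session-id; Path=/"]
VULNERABLE_BODY = f"<h1>Search results for {CANARY}</h1>"

# Constructed sample 2: term HTML-encoded (what PHP's htmlspecialchars()
# produces) and the cookie set with HttpOnly, Secure and SameSite.
FIXED_HEADERS = ["PHPSESSID=constructed-session-id; Path=/; Secure; HttpOnly; SameSite=Lax"]
FIXED_BODY = f"<h1>Search results for {html.escape(CANARY, quote=True)}</h1>"

if __name__ == "__main__":
    for label, headers, body in (("vulnerable", VULNERABLE_HEADERS, VULNERABLE_BODY),
                                 ("fixed", FIXED_HEADERS, FIXED_BODY)):
        print(label, assess(headers, body) or ["no findings"])
```

To use it against a live deployment you operate, send the canary as the search term with an HTTP client, then pass the response's `Set-Cookie` headers and body to `assess()`; the canary deliberately contains `<`, `"` and `&` but no executable markup, so a positive result shows missing encoding without running anything in a browser. The `samesite` flag is reported alongside HttpOnly because it limits how far a stolen-cookie scenario can be driven from a third-party origin, but HttpOnly is the attribute that blocks the specific `document.cookie` read this advisory relies on.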